Office (OOXML) / .XLSX malware analysis — malicious · ca45c411c08ea621

MALICIOUS

Office (OOXML) / .XLSX

14.8 KB Created: 2023-12-27 06:41:10 UTC Authoring application: Microsoft Excel 16.0300 First seen: 2026-06-22

MD5: b5bfc2f41e913739e9a9dcece07576aa SHA-1: 975e137acd13884fa109c1aa331610aec0e51f6a SHA-256: ca45c411c08ea621b96db8c7ac72dec437cd5e22656b2f9966e5dbf1a9817515

140 Risk Score

Heuristics 2

ClamAV: Eicar-Test-Signature critical CLAMAV_DETECTION

ClamAV detected this file as malware: Eicar-Test-Signature
Embedded OLE object medium OOXML_OLE_OBJECT

Document contains an embedded OLE object

Extracted artifacts 4

Files carved from inside the sample during analysis.

Filename	Kind	Source	Size
`ooxml_oleobject_00.bin`	ooxml-ole-object	OOXML embedded OLE part: xl/embeddings/oleObject1.bin	3072 bytes
SHA-256: `856d39e8439a8095f0aefc1f6696277d6ea3c02bb2f791830fa6667eaa2b257f`
Detection ClamAV: Eicar-Test-Signature Obfuscation or payload: unlikely
`ooxml_oleobject_00_ole10native_00.bin`	ole-package	OOXML xl/embeddings/oleObject1.bin Ole10Native stream: Ole10Native	575 bytes
SHA-256: `18daccfd55efff9a2298031dbc53dcf6d898b97cf25ff23096f8fabf9de331a0`
`ooxml_oleobject_00_ole10native_00_eicar.txt`	ole-package-payload	OOXML xl/embeddings/oleObject1.bin Ole10Native payload: display_name=eicar.txt; full_path=C:\Users\YZ\AppData\Local\Temp\{1BCCD91E-1642-4F87-B5D0-4827D8A92950}\{41AF9B28-DDE0-4749-A276-90D2750869C8}\eicar.txt; temp_path=; def_file=	68 bytes
SHA-256: `275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f`
Detection ClamAV: Eicar-Test-Signature Obfuscation or payload: unlikely
`emf_00.emf`	ooxml-emf	OOXML EMF part: xl/media/image1.emf	4988 bytes
SHA-256: `626b2e550af6f5ba4621539ae72862a6b336997ef9281f8c48403fea4d63fb5f`

Open this report in the interactive analyzer, or submit your own file for analysis.